Attackers are exploiting three Fortinet FortiSandbox flaws, including one patched last week, risking auth bypass and command ...

Prompt injection is the technique of smuggling instructions to an AI agent through content the agent reads — a document, a calendar invite, a web page, a code comment — so that hostile text carries ...

University of Toronto researchers demonstrate how open-weight local LLMs can be used to autonomously exploit flaws and ...

AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.

Critical infrastructure organizations should move to harden their Automatic Tank Gauge (ATG) systems to defend against ...

ATGs are used in multiple critical sectors of industry, and many are still unsecured.

Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier this week. The content management system (CMS) project published a PSA on May ...

A vulnerability in the FTP server ProFTPD can lead to the execution of injected malicious code. The security flaw is found in the included mod_sql. A proof-of-concept exploit is already available.

A critical SQL injection vulnerability in the open-source AI gateway LiteLLM, tracked as CVE-2026-42208, was exploited less than two days after being listed in the GitHub Advisory Database. Attackers ...

A critical SQL injection flaw in FortiClient EMS allows remote code execution and data exfiltration, leaving thousands of internet facing systems at risk. Yet another critical flaw in a Fortinet ...

Cisco has handed security teams one of the largest ever patching workloads affecting its firewall products, including fixes for two ‘perfect 10’ vulnerabilities in the company’s Secure Firewall ...